[UNIX] bogofilter/bogolexer Malformed Input DoS

From: SecuriTeam (support_at_securiteam.com)
Date: 11/03/04

  • Next message: SecuriTeam: "[TOOL] FireHOL - Stateful Iptables Configuration" 
    To: list@securiteam.com
Date: 3 Nov 2004 18:09:02 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      bogofilter/bogolexer Malformed Input DoS
    ------------------------------------------------------------------------

    SUMMARY

    Bogofilter is "a software package to classify a mail as SPAM or non-SPAM.
    It uses a data base to store words and must be trained which mail are SPAM
    and non-SPAM. It uses the probabilities of individual words for
    classifying the message".

    Antti-Juhani Kaijanaho provided Debian with a test case that crashed
    bogofilter 0.92.7. The problem was examined and tracked down to a change
    in bogofilter's quoted-printable decoder that went into 0.17.4.

    DETAILS

    Vulnerable Systems:
     * bogofilter/bogolexer version 0.92.7 and prior

    Immune Systems:
     * bogofilter/bogolexer version 0.92.8 and newer
     * bogofilter version 0.17.3 and older

    The pertinent change allowed the quoted-printable decoder to accept LF in
    encoded words but replaced it by a NUL character, which the calling
    function inside bogofilter could not handle. It attempted to write a NUL
    byte either one byte past the end of a buffer provided by the lexical
    analyzer or to an address that was the negative of the address of the
    first byte of the "encoded text" part of the encoded word that was
    supposed to be decoded.

    It was decided to announce this as a vulnerability because bogofilter
    cannot process the pertinent message.

    Impact:
    This vulnerability causes bogofilter to catch a "segmentation violation"
    signal, which causes an immediate program abort.

    The exact impact depends on the way bogofilter is integrated into the
    system. In common setups, the mail that contains such malformed headers is
    deferred by the mail delivery agent and remains in the queue, where it
    will eventually bounce back to the sender.

    Solution:
    Upgrade your bogofilter to version 0.92.8.

    bogofilter 0.92.8 is available from sourceforge:
    <http://sourceforge.net/project/showfiles.php?group_id=62265&package_id=59357&release_id=277823> http://sourceforge.net/project/showfiles.php?group_id=62265&package_id=59357&release_id=277823

    Note that a broken-out bugfix patch is not available at this time, because
    the reversion of the failure-inducing change is not a complete fix.
    Besides, bogofilter is under development and support is limited to the
    latest available "current" plus the latest available "stable" versions.

    ADDITIONAL INFORMATION

    The information has been provided by Antti-Juhani Kaijanaho, Clint Adams,
    David Relson.
    The original article can be found at:
    <http://bogofilter.sourceforge.net/security/bogofilter-SA-2004-01>
    http://bogofilter.sourceforge.net/security/bogofilter-SA-2004-01

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[TOOL] FireHOL - Stateful Iptables Configuration"

    Relevant Pages